Professional Documents
Culture Documents
SaaS is a software solution having the code and data executing and residing on cloud.
A user accesses the SaaS through browser.
Remember: The cloud service consumer is a temporary runtime role assumed by a software
program when it accesses a cloud service.
For the time being we shall assume that the browser acts as cloud service consumer when
accessing a SaaS.
SaaS solutions eliminate the need of on-premises (data center based) applications, application
administration and data storage.
The customer is allowed to adopt pay-as-you-go type of rental.
SaaS offers scalability and device independent access to the SaaS solution/s.
SaaS provider assures that the software provided is solidly tested and supported.
The notable disadvantage of SaaS is that the data resides off premises.
Therefore the data security is of prime importance because the customers data maybe
proprietary and business sensitive.
The SaaS provider offers SaaS apps executing over IT resources. These resources can be from a
physical servers or a VM owned/rented by the provider.
Each instance of a SaaS app (consumed by a user) is allocated separate set of IT-resources.
Classes of SaaS:
o Business Logic: Connect the suppliers, employees, investors and customers.
Example: invoicing, funds transfer, inventory management, customer relationship
management (CRM).
o Collaboration: Supports teams of people work together.
Examples: Calendar systems, email, screen sharing, conference management and online
gaming.
o Office productivity: Office environment support.
Examples: Word processors, spreadsheets, presentation and database software’s.
o Software Tools: For the support of developing software and solving compatibility
problems.
Examples: Format conversion tools, security scanning, compliance checking and web
development.
Software’s that are not suitable for public SaaS offerings (according to NIST)
o Real Time Software: They require precise response time. Due to variable response time
and network delays, these software are not suitable to be offered as SaaS. Such flight
control systems and factory robots etc.
o Bulk consumer data: When extremely large amount of data is originating physically at
the consumer’s side such as physical monitoring and patient monitoring data. It is not
feasible to transfer this data in real time over WAN to SaaS provider.
o Critical Software: A software is labelled critical if its failure or delay in handling can
cause loss of life or loss of property. These software’s are not suitable for SaaS because
achieving a continuous acceptable reliability for critical software in public SaaS is quite
challenging due to unreliable public network based access.
SaaS Examples
Software Stack
The NIST has identified few issues and concerns about SaaS. Most of these issues are network dependency
of SaaS.
Data protection
The consumer should analyze the data protection, configuration, database transaction processing
technologies of SaaS provider. Compare them with the confidentiality, integrity, availability and
compliance requirement of the consumer
Encryption
Strong encryption algorithm with key of required strength should be used for each web session
as well as for data